Revolut breach: personal and banking data exposed


A highly targeted cyberattack on financial technology company Revolut might have affected over 50,000 customers. Revolut told Cybernews that card details were hashed and therefore protected.

"We recently received a highly-targeted cyberattack from an unauthorized third party that may have gained access to some of your information for a short period of time," Revolut said in an emailed statement to its impacted customers.

The email was posted on Reddit by an affected user. "I contacted support and asked them which EXACT information of mine was stolen, but they couldn't answer, all they did was give me the same message of the email."

The fintech app disclosed the breach to the Lithuanian State Data Protection Inspectorate, saying it might have affected over 50,000 of its customers.

Revolut claims it has over 20 million personal users worldwide. The Lithuanian watchdog said that usernames, surnames, email addresses, phone numbers, some card data, and account numbers might have been compromised.

However, the email posted on Reddit says the money is safe, and no card details were accessed during the breach. Cybernews reached out to Revolut for clarification. The company said that “no complete payment card details were accessed.”

“Card details were hashed and therefore protected,” Revolut said in an email.

It said an unauthorised third party obtained access to the details of a small percentage (0.16%) of its customers.

“We have contacted the impacted individuals by email with further information regarding the types of data that may have been exposed. [...] We take incidents such as these incredibly seriously, and we would like to sincerely apologise to any customers who have been affected by this incident as the safety of our customers and their data is our top priority at Revolut.”

Revolut said it would not be calling its users or sending them SMS messages regarding the breach, so any such attempt should be treated as a scam.

“We immediately identified and isolated the attack to drastically limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted,” a Revolut spokesperson said.

Around the same time the breach was disclosed, Twitter users started sharing screenshots of the messages from scammers.

"Your new debit card is on the way to your new updated address, If you did not request a new card follow steps via: [malicious link]," the message reads.